Jewel-Osco stores in Illinois, Indiana and Iowa were among several U.S. supermarkets affected by another recent card-fraud incident, the chain’s parent company said on Monday.
The company said it was informed that the latest attack involved different malware than in an earlier incident it announced on Aug. 14. Investigations into both incidents continue, AB Acquisition LLC said.
“The new malware may have captured account numbers, expiration date, other numerical information and/or the cardholder’s name,” AB Acquisition LLC said in a statement issued on Monday. “At this time there has not been a determination that any payment card data was in fact stolen as a result of either incident.”
The latest attack appears to have occurred in late August or early September, the company said.
Along with Jewel-Osco, other stores impacted in the latest attack were Albertsons in Southern California, Idaho, Montana, North Dakota, Nevada, Oregon, Washington, Wyoming and Southern Utah; ACME Markets in Pennsylvania, Maryland, Delaware and New Jersey; and Shaw’s and Star Markets stores in Maine, Massachusetts, Vermont, New Hampshire and Rhode Island, AB Acquisition said.
The company said it is offering 12 months of free consumer identity-protection services from AllClear ID to customers whose cards may have been affected in the latest attack. For now, customers who shopped from Aug. 27 through Sept. 21 are being offered the identity-protection services.
When the earlier attack was announced, AB Acquisition said it appeared that unauthorized access may have started as early as June 22 and ended on July 17, at the latest.